Modern vehicles are equipped with a large number of electronic control units (ECUs) which vary in processing capability and functional complexity. They monitor and control critical vehicle components such as engine and transmission (powertrain), and non-critical components such as airbags and telenetics. They are interconnected via several in-vehicle networks, such as the Controller Area Network (CAN) which has become the de facto standard due to its widespread deployment. Other standards include the Local Interconnect Network (LIN) which was designed for simpler vehicle components, such as roof, power seats or windows, and FlexRay which provides more capabilities (hence more expensive) than CAN.
CAN was originally designed without security in mind, and its design choices were greatly influenced by such strict constraints as low cost and low network latency in isolated/closed environments. As a result, it cannot ensure data authentication or privacy, thus becoming susceptible to various attacks.
However, vehicle manufacturers are now departing from this closed operation of in-vehicle networks by allowing external entities to send commands from a remote site to in-vehicle components for diagnosis and anti-theft purposes, which accompany new security risks. Several studies have already reported that connecting/exposing a vehicle's internal subsystems to external entities create serious security and safety risks. The security architecture of CAN is too weak to deal with this type of exposure.
There have been various efforts to address sophisticated cyber-vehicle security risks and attacks. For example, Automotive Open System Architecture (AUTOSAR) and the EVITA project focus on development of a standard security architecture. There have also been several research projects aimed at enhancing the security of CAN. However, none of these can cope with Denial-of-Service (DoS) attacks on ECUs. Since ECUs are very resource-constrained for cost and size reasons, requiring them to perform more than a simple computation can degrade/compromise their intended functionality and/or required performance.
To address these and other weaknesses of existing CAN protocols, this disclosure proposes an efficient security protocol which does not require modifications of current, cost-conscious in-vehicle networks.
This section provides background information related to the present disclosure which is not necessarily prior art.